Michaelwagner Wrote: > I'm no cryptographer, but I studied computer science back in the day, > and every undergrad had to know some encoding theory. There was always > a short bit on encryption (because we encrypt passwords and so on) and > even that short bit told us that repeated, predictable bits, especially > at fixed locations in the message, make it very easy to crack. > > So did the 802.11 committee forget to have anyone on the WEP committee > that ever studied computer science?
I'm sure they did - but they didn't have anyone well versed in cryptopgraphy, and there is the problem. Studying the general field of computing (computer science) is not the same as having a thorough understanding of cryptographic systems. No offence meant here, but if I were in charge of a comittee designing a security system for what was to become an incredibly successful and widespread technology I would rather have a cryptographic expert involved than a computer scientist. Is it likely that a computer scientist would have a thorough understanding of the weakenesses inherent in RC4, realise that the RC4 nonce must be unique (which it's not in WEP as insufficient space is allocated, so it has to repeat), that by not hashing the secret key with the nonce prior to encryption this would make possible key-recovery attacks, or that using CRC checksums to authenticate a message is a very bad idea? And that's just the initial set of flaws... :) Cryptography is a specialised field, and the original 802.11 WEP committe fall into that category of people who thought they knew what they were talking about, but didn't. At least they seem to have learned their lesson! -- Milhouse ------------------------------------------------------------------------ Milhouse's Profile: http://forums.slimdevices.com/member.php?userid=928 View this thread: http://forums.slimdevices.com/showthread.php?t=24049 _______________________________________________ audiophiles mailing list [email protected] http://lists.slimdevices.com/lists/listinfo/audiophiles
